General

  • Target

    363e77efdf153b6c5f034033f06b3150266db15596207c541ae57bc2666fbc88

  • Size

    52KB

  • Sample

    230718-p9a37abb9y

  • MD5

    1b571a1f96a70102d4bbf756094df8c7

  • SHA1

    47fbf53331dbfc0b64576a35fc4cc1700c5d1d31

  • SHA256

    363e77efdf153b6c5f034033f06b3150266db15596207c541ae57bc2666fbc88

  • SHA512

    2248e88c9ac1a429b0aabb684b1aa9df8920bd9f6787e7cbc12646998b56e6c09feadce81698e37c635c1f23190e61a9b14148700a22e18570f0ff90f462bdb1

  • SSDEEP

    768:woyDYSt1e9lIYEKQ7mkb4abfHP65xthEjm680lk:TyT1e9mYuccviNSjVtk

Score
10/10

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1_bldxa2NI5RRFoU8gSofIDZrfQrVbOx4

xor.base64

Targets

    • Target

      363e77efdf153b6c5f034033f06b3150266db15596207c541ae57bc2666fbc88

    • Size

      52KB

    • MD5

      1b571a1f96a70102d4bbf756094df8c7

    • SHA1

      47fbf53331dbfc0b64576a35fc4cc1700c5d1d31

    • SHA256

      363e77efdf153b6c5f034033f06b3150266db15596207c541ae57bc2666fbc88

    • SHA512

      2248e88c9ac1a429b0aabb684b1aa9df8920bd9f6787e7cbc12646998b56e6c09feadce81698e37c635c1f23190e61a9b14148700a22e18570f0ff90f462bdb1

    • SSDEEP

      768:woyDYSt1e9lIYEKQ7mkb4abfHP65xthEjm680lk:TyT1e9mYuccviNSjVtk

    Score
    10/10
    • Guloader, Cloudeye

      A shellcode based downloader first seen in 2020.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks